package com.studorm.action;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.struts2.ServletActionContext;

import com.opensymphony.xwork2.ActionSupport;
import com.studorm.Connection_mysql;
import com.studorm.MD5;

/**
 * @author Waiting_hao
 * 
 * 用户登录验证
 *
 */
public class LoginAction extends ActionSupport {

	/**
	 * 
	 */
	private static final long serialVersionUID = -3589067291260577880L;

	/*
	 * 登录用户的姓名
	 */
	//String name = null;

	/*
	 * 是否登录成功 
	 */
	//Boolean login = false;

	/*
	 * 用户身份
	 * 1、超级管理员
	 * 2、宿舍管理员
	 * 3、学生
	 */
	int identity = 0;


	public int getIdentity() {
		return identity;
	}


	public void setIdentity(int identity) {
		this.identity = identity;
	}


	/* -----------------------------
	 * 		登录验证   ver.12.02
	 * -----------------------------
	 * 
	 * 从前台获取账号，密码，身份等参数后
	 * 通过不同的身份查询不同的表，判断用
	 * 户是否合法。
	 * 
	 */
	public String checkIdentity() throws Exception{
		HttpServletRequest request = ServletActionContext.getRequest(); 
		String id = request.getParameter("id");
		String pw = request.getParameter("pw");
		String identity_s = request.getParameter("identity_radio");
		String autoL = request.getParameter("auto");

		HttpServletResponse response = ServletActionContext.getResponse();

		if(id == null || id.isEmpty()){
			return ERROR;
		}
		if(pw == null || pw.isEmpty() || pw.length() < 6){
			return ERROR;
		}
		if(identity_s == null | identity_s.isEmpty()){
			return ERROR;
		}
		identity = Integer.parseInt(identity_s);

		Connection conn = Connection_mysql.getConnection();
		ResultSet res;
		String sql = null;
		if(identity == 3){
			sql = "SELECT COUNT(*) FROM studentsinf WHERE studentNu = ? and password = ";
		}
		if(identity == 2){
			sql = "SELECT COUNT(*) FROM staffinf WHERE staffNu = ? and password = ";
		}
		if(identity == 1){
			sql = "SELECT COUNT(*) FROM admin WHERE idadmin = ? and password = ";
		}

		/*
		 * 从cookie中读取的密码已加密
		 * 无须再次加密
		 */
		if(autoL != null && autoL.equals("true")){
			sql += "?;";
		}else{
			sql += "MD5(?);";
		}

		PreparedStatement ps = conn.prepareStatement(sql);
		ps.setString(1, id);
		ps.setString(2, pw);
		res = ps.executeQuery();
		int count = 0;
		while(res.next()){
			count = res.getInt(1);
		}
		res.close();
		ps.close();

		if(count == 1){
			setSession(conn, request, identity, id);
			String remember = request.getParameter("remb");
			if(remember != null && remember.equals("checked")){
				Cookie cookie_id = new Cookie("id", id);
				Cookie cookie_pw = new Cookie("pw", MD5.getMD5Str(pw));
				Cookie cookie_identity = new Cookie("identity", String.valueOf(identity));
				cookie_id.setMaxAge(2592000); // 30天
				cookie_pw.setMaxAge(2592000);
				cookie_identity.setMaxAge(2592000);

				response.addCookie(cookie_pw);
				response.addCookie(cookie_id);
				response.addCookie(cookie_identity);
			}

			if(autoL != null && autoL.equals("true")){
				switch(identity){
				case 1:
					response.sendRedirect("/admin/admin.jsp");// 有问题
					break;
				case 2:
					response.sendRedirect("/studormcms/staff/staff.jsp");
					break;
				case 3:
					response.sendRedirect("/studormcms/student/student.jsp");
					break;
				}
			}
		}else{
			conn.close();
			identity = 0;
		}

		return SUCCESS;
	}


	private void setSession(Connection conn, HttpServletRequest request, int identity, String id) throws Exception {
		HttpSession session = request.getSession();
		session.setAttribute("isLogin", String.valueOf(identity));
		session.setAttribute("id", id);
		String sql = null;
		if(identity == 3){
			sql = "SELECT name FROM studentsinf WHERE studentNu = ?;";
		}
		if(identity == 2){
			sql = "SELECT name FROM staffinf WHERE staffNu = ?;";
		}
		//if(identity == 1){
		//sql = "SELECT COUNT(*) FROM admin WHERE idadmin = ? and password = MD5(?);";
		//}
		PreparedStatement ps = conn.prepareStatement(sql);
		ps.setString(1, id);
		ResultSet res = ps.executeQuery();
		while(res.next()){
			session.setAttribute("name", res.getString(1));
		}
		res.close();
		ps.close();
		conn.close();
	}

}
